Advanced Windows Server Test 3

¡Supera tus tareas y exámenes ahora con Quizwiz!

Folder redirection​

A Group Policy feature that allows an administrator to set policies that redirect one or more folders in a user's profile directory​

​Key Distribution Center (KDC)

A component of Kerberos that uses the Active Directory database to store keys for encrypting and decrypting data in the authentication process.​

Security Accounts Manager (SAM) database​

A database on stand-alone and member computers that holds local user and group account information​

Ticket-granting ticket (TGT)

A digital message used by Kerberos; grants an account access to the issuing domain controller, and is used to request a service ticket without having to authenticate again.​

PDC emulator​

A domain-wide Flexible Single Master Operation role that processes password changes for older Windows clients (Windows 9x and NT) and is used during logon authentication​

RID master

A domain-wide Flexible Single Master Operation role that's responsible for issuing unie pools of RIDs to each DC, thereby guaranteeing unique SIDs throughout the domain.​

​Infrastructure master

A domain-wide Flexible Single Master Operation role that's responsible for making sure changes made to object names in one domain are updated in references to these objects in other domains

​Group policy preference

A feature of Group Policy that contains settings organized into categories, which enables administrators to set up a baseline computing environment yet still allows users to make changes to configured settings.​

Kerberos delegation​

A feature of the Kerberos authentication protocol that allows a service to impersonate a client, relieving the client from having to authenticate to more than one service

​Domain naming master

A forest-wide Flexible Single Master Operation role that manages adding, removing, and renaming domains in the forest​

Schema master

A forest-wide Flexible Single Master Operation role that's responsible for replication the schema directory partition to all other domain controllers in the forest when changes occur.​

Nonauthoritative restore

A method of restoring Active Directory data from a backup that restores the database, or portions of it, and allows the data to be updated through replication by other domain controllers.​

Authoritative restore​

A method of restoring Active Directory data from a backup to ensure that restored objects aren't over​written by changes from other domain controllers through replication

Published application

A method of software deployment in which the application isn't installed automatically; instead, a link to install the application is available in Control Panel's Programs and Features

GPO scope​

A property of GPO processing that defines which objects a GPO affects.​

​10 hours

A service ticket by default lasts for how long?​

Batch file​

A text file containing a series of commands that's saved with a .bat extension​

​.mst

A transform file utilizes what file name extension?

​Mutual authentication

A type of authentication in which the identities of both the client and server are verified.​

Constrained delegation

A type of delegation that limits the delegation to specific services running on specific computers.

Unmanaged policy setting

A type of group policy setting that persists on the user or computer account, meaning it remains even after the computer or user object falls out of the GPO's scope.​

Managed policy setting

A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.​

​Relative identifier (RID)

A unique value combined with a domain identifier to form the security identifier for an Active Directory object.​

​Service account

A user account that Windows services use to log on with a specific set of rights and permissions​

​%systemroot%\PolicyDefinitions

ADMX and ADML files are placed under what directory within Windows?​

Get-ADForest

An administrator needs to know which servers carry forest-wide roles. What PowerShell cmdlet can be used to display this information?​

False

Before an RODC can be installed, the forest functional level must be at least Windows Server 2008.​

​180 days

By default, for how long are deleted objects stored within the Active Directory database before they are removed entirely?​

Once per hour

By default, replication between DCs when no changes have occurred is scheduled to happen how often?

​5 minutes

By default, the maximum tolerance for computer clock synchronization is set to what value?​

7 days

By default, what is the maximum period during which a TGT can be renewed?​

False

Every domain in a forest must have at least one global catalog server.​

True

GPO enforcement is configured ​on a GPO, not on an Active Directory container.

Domain GPOs

Group Policy objects stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.​

Local GPOs​

Group Policy objects stored on local computers that can be edited by the Group Policy Object Editor snap-in​

​The computer accounts must be in a non-default created OU

Group Policy updates can be forced using GPMC. What requirements exist for an administrator to be able to do this?

​wbadmin start systemstaterecovery

How can an administrator initiate a system state recovery using the command line?​

​By using the Test-ADServiceAccount cmdlet

How can an administrator test an MSA to ensure that it can access the domain with its current credentials, or can be installed on a member computer?​

​Through subnets added to the site

How is a computer's designated site determined, such that the computer is given a domain controller to request services from within the same site?​

Every 90 minutes​

How often are computer and user policies applied after a user has logged into a computer?

​12 hours

How often does garbage collection run on a DC?​

False

If a package has been deployed to a computer and changes are made to the package, the package will be automatically reinstalled.​

​Slow link detection is disabled

If the slow link detection policy is set at 0, what does this indicate?​

The resource must have proper permissions set for ComputerName$, where ComputerName is the name of the computer attempting to access the resource.​

If using virtual accounts to access the network, how are permissions added to a network resource to allow the virtual account access?​

​dsadd

In addition to the New-ADUser PowerShell cmdlet, what other command line tool can be used to add users to Active Directory?​

True

In order to connect two or more sites for replication purposes, a site link must be created.​

​gpupdate /force

In order to force a computer to immediately download and apply all group policies, what command should be run?​

System

In the Computer Configuration node, what folder contains policies that can be used to affect general computer system operation settings, such as disk quotas and group policy processing?

True

Local GPOs are edited with the gpedit.msc tool.​

Security templates

Text files with an .inf extension that contain information for defining policy settings in the Computer Configuration, Policies, Windows Settings, Security Settings node of a local or domain GPO​

​24

The Default Domain Policy sets the "Enforce password history" setting to what value by default?​

​42 days

The Default Domain Policy sets the maximum password age to what value?​

​6.2

The Windows 8 and Windows Server 2012 operating systems have an operating system version number of:​

Kerberos

The authentication protocol used in a Windows domain environment to authenticate logons and grant accounts ​access to domain resources.

/sync

The gpupdate command in conjunction with which option below causes synchronous processing during the next computer restart or user logon?​

Folder redirection

The option to turn off background processing is not available for which type of policy below?

​Authenticated Users

The standard DACL for a package object assigns read permissions to what group by default?​

​Replay attack

Timestamps within Kerberos are used to help guard against what type of attack?​

​Computer Configuration\Policies\Administrative Templates\System\Group Policy

To find a full list of policies and preferences that can have background processing disabled, where should you look?

True

Software packages that are assigned to target computers are mandatory for installation.

​wbsadmin.exe

Which option below is not one of the three main methods for cleaning up metadata?​

​Software installation policies

Which policy below requires synchronous processing to ensure a consistent computing environment?​

DHCP

Which server role below can't be installed on a server that will be cloned?​

​Service ticket

Which type of ticket below is requested by an account when it wants to access a network resource, such as a shared folder?​

Every 8 hours

With universal group membership caching, how often is the cached information on group membership refreshed?​

True

Within the Logon properties window, a PowerShell script can be added to run when a user logs on or off.​

​ntds.dit

Within the NTDS folder, which file stores the main Active Directory database?​

True

Although ​a user account must be unique throughout a domain, a user account can be the same within different domains in the same forest.

​PDC emulator

An administrator has received a call indicating that user logons are no longer being accepted within a single domain in the forest. What FSMO role should be investigated?

True

On a slow link, policies involving folder redirection are not processed.​

​DEFAULTIPSITELINK

Once Active Directory has been installed, a default site is created. What is the name for this site?​

True

Once an account has been given a TGT, it can request a service ticket to access a domain resource.​

​Accout lockout threshold

Select below the Account Lockout Policy item ​that determines how many failed logins can occur on an account before the account is locked

Domain naming master

Select below the FSMO role that is required to be online to facilitate the addition or removal of a domain controller:​

Perform Group Policy Modeling analyses

Select below the policy permission that grants a user or group the ability to use the GPO Modeling Wizard ​on a target container:

​The Kerberos message is considered invalid

Using default settings, if a computer's clock differs more than 5 minutes than a Kerberos message's timestamp, what happens?​

Get-ADServiceAccount​

What PowerShell cmdlet can be used to show an MSA's properties?​

​scwcmd.exe

What command can be used to ​convert an XML policy file into a GPO?

Basic

What option under the folder redirection settings redirects everyone's folder to the same location?​

Read

What permission is given to the Enterprise Domain Controllers universal group on all GPOs by default, and grants permission to view settings and back up a GPO?​

​Always wait for the network at computer startup and logon

What policy setting can be used to force synchronous processing?

​Unmanaged policy setting

What type of policy setting is persistent, remaining even after a computer or user object falls out of a GPO's scope until it's changed by another policy or manually?​

True

When a user logs on to a domain, the client computer always tries to authenticate to a DC in the same site.​

Template policy and current computer policy don't match

When working with policies in the Security Configuration and Analysis snap-in, what does an X in a red circle indicate?​

​Infrastructure master

Which FSMO role is responsible for ensuring that changes made to object names within one domain are updated in references to those objects in other domains?​

​-

Which character below can be legally used in a username?​

Assigned application

​A method of software deployment in which an application can be installed automatically when the computer starts, a user logs on to the domain, or a user opens a file associated with the application.

Tombstone lifetime

​A period of time in which deleted Active Directory objects are marked for deletion but left in the database.

​Template policy and current computer policy don't match

​A policy setting within the Security Configuration and Analysis snap-in with a question mark in a white circle indicates which option below?

Managed service account

​A service account that enables administrators to manage rights and permissions for services with password management handled automatically

False

​Administrative template files are in HTML format, using the .admx extension.

​Active Directory snapshot

​An exact replica of the Active Directory database at a specific moment

​The user account password expired

​Approximately 42 days after a service was configured to use a normal user account, the service has stopped working and refuses to run. An administrator has verified that the account still exists on the domain. Assuming default domain policy settings, what could be the issue?

Shared Folders

​In the User Configuration node, where can policies that determine whether a user can publish DFS root folders in Active Directory?

HKEY_LOCAL_USER

​Settings under the User Configuration node affect what Registry key?

​PDC emulator

​The RID master FSMO role is ideally placed on the same server as what other role?

Control Panel

​Under the Computer Configuration, which folder contains settings related to the Regional and Language Options, User Accounts, and Personalization options?

​Key Distribution Center

​What component of Kerberos is responsible for storing keys for encrypting and decrypting data in the authentication process?

​Set-GPPermission

​Which PowerShell cmdlet below can be used to set permissions for a security principal to a GPO or to all GPOs?

Policy doesn't exist on the computer

​Within the Security Configuration and Analysis snap-in, what does an exclamation point in a white circle indicate?


Conjuntos de estudio relacionados

I am Malala Questions Chapters 1-8

View Set

Cisco Semester 1, CH 14-15 Quiz Questions

View Set

AP Lit Final Prep 5 - Mansfield Park

View Set

Antibacterial and Anti-infective Agents

View Set

Mundo Real - 2.4 *rwar* XD 0w0 UwU

View Set

Chapter 10: Health Assessment of Children

View Set